CSRF—Cross Site Request Forgery
Principle: A CSRF vulnerability exists because a site's session cookie stays valid in the browser: as long as you neither close the browser nor log out, every later visit to that site is treated as an already logged-in user. During that window the attacker sends the victim a constructed CSRF page or a link to one, and the browser attaches the victim's cookie to the forged request, so the site performs an action the user never intended (adding an account, for example). The request is forged, but the site trusts it because it trusts the user.
1. We open the target range and find that it is a CMS. Since the back-end (admin) path is known, we go straight to the admin login page.
Enter the account and password to reach the admin back end,
then open the file manager and click "new file".
At this point we start Burp. When the file is saved, capture the request that modifies the file with the proxy.
Then use Burp's CSRF PoC generator to turn the captured request into a CSRF attack page.
We first delete the newly created file, then open the page Burp generated in the still-logged-in browser: it automatically redirects to our admin back end, and the CMS's file manager shows that the
LB.php file has been created. The CSRF succeeded.
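The walkthrough works because the file-manager endpoint accepts any POST that arrives with a valid session cookie. The check it is missing is shown below as an added example (not code from the CMS or the original post): a synchronizer token stored in the server-side session and compared against the submitted form field, with an Origin/Referer check as a second layer. The session-cookie name `PHPSESSID`, the site origin `https://cms.example`, the attacker origin `https://evil.example` and the two constructed requests are all assumptions made for the demonstration.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Assumed origin of the CMS (placeholder, not from the original page).
SITE_ORIGIN = "https://cms.example"


@dataclass
class Session:
    """Server-side session; the CSRF token lives here, never only in the cookie."""
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    """Minimal model of an incoming HTTP request."""
    method: str
    path: str
    cookies: dict
    headers: dict
    form: dict


def same_site(origin_or_referer: str) -> bool:
    """True when an Origin or Referer value belongs to SITE_ORIGIN."""
    return origin_or_referer == SITE_ORIGIN or origin_or_referer.startswith(SITE_ORIGIN + "/")


def check_csrf(req: Request, sessions: dict) -> tuple:
    """Return (allowed, reason) for a state-changing request.

    Layer 1: reject cross-site requests by Origin (or Referer as fallback).
    Layer 2: require the per-session synchronizer token in the form body.
    The cookie alone is never enough, which is exactly the assumption the
    forged request relies on.
    """
    sess = sessions.get(req.cookies.get("PHPSESSID"))
    if sess is None:
        return False, "no valid session"
    if req.method in ("GET", "HEAD", "OPTIONS"):
        return True, "safe method"          # must not change state
    source = req.headers.get("Origin") or req.headers.get("Referer")
    if source is not None and not same_site(source):
        return False, "cross-site request rejected by Origin/Referer"
    submitted = req.form.get("csrf_token", "")
    if not hmac.compare_digest(submitted, sess.csrf_token):
        return False, "missing or invalid csrf token"
    return True, "ok"


# Constructed session table: one logged-in administrator.
SESSIONS = {"abc123": Session(user="admin")}


def forged_request() -> Request:
    """Constructed request as a browser would send it from a cross-site page:
    the session cookie is attached automatically, but the attacker cannot
    read the token, and Origin points at the attacker's site."""
    return Request(
        method="POST",
        path="/admin/file_new",
        cookies={"PHPSESSID": "abc123"},
        headers={"Origin": "https://evil.example"},
        form={"name": "LB.php", "content": "<?php /* ... */ ?>"},
    )


def forged_request_without_origin() -> Request:
    """Same forgery, but the browser stripped Origin/Referer; the token check
    must still catch it."""
    req = forged_request()
    req.headers = {}
    return req


def legit_request() -> Request:
    """Constructed request from the CMS's own form, carrying the session token."""
    return Request(
        method="POST",
        path="/admin/file_new",
        cookies={"PHPSESSID": "abc123"},
        headers={"Origin": SITE_ORIGIN},
        form={"name": "notes.txt", "content": "hello",
              "csrf_token": SESSIONS["abc123"].csrf_token},
    )


if __name__ == "__main__":
    for name, req in (("forged", forged_request()),
                      ("forged, no origin", forged_request_without_origin()),
                      ("legitimate", legit_request())):
        print(f"{name:18}: {check_csrf(req, SESSIONS)}")
```

The token must be tied to the server-side session and compared with a constant-time function; checking only Origin or Referer is weaker because some clients and proxies strip those headers, which is why the example treats a missing header as "unknown" and falls through to the token check rather than accepting the request. Marking the session cookie `SameSite=Lax` is a further browser-side layer that the CMS in the walkthrough also lacks.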